You will probably quickly notice that /var/log contains a lot of files that look like duplicates, differing only by a number at the end (auth.log.1, auth.log.2 and so on) and sometimes by a .gz suffix. These are called rotated logs: the live file has been renamed aside so a fresh one can be started, and the older copies have been compressed. Usually the log rotator ‘logrotate’ is responsible for this. It runs at a set interval (typically from cron or a systemd timer), with global settings in ‘/etc/logrotate.conf’ and per-service rules in ‘/etc/logrotate.d/’. Compressed rotations cannot be read with plain cat or grep, but zcat, zless and zgrep handle them directly. For more information about logrotate do ‘man logrotate’.
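
As an added example (not part of the original article): a small POSIX shell script that builds a constructed set of rotated auth.log files in a temporary directory and searches all of them at once with zgrep, which reads .gz and plain files alike. The log lines, hostnames and group names are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article. The log lines below are
# constructed for the demonstration, not real /var/log data.

LOGDIR="$(mktemp -d)"

# Simulate what logrotate leaves behind: the live file, the most recent
# rotation (still uncompressed, as with 'delaycompress'), and an older
# rotation that has been gzipped.
printf '%s\n' \
  'May  3 10:12:01 host groupadd[2001]: new group: name=deploy, GID=1005' \
  'May  3 10:12:30 host sshd[2010]: Accepted publickey for alice from 10.0.0.5 port 50222 ssh2' \
  > "$LOGDIR/auth.log"
printf '%s\n' \
  'Apr 28 08:00:00 host sshd[1500]: Failed password for invalid user admin from 203.0.113.9 port 4022 ssh2' \
  'Apr 28 08:00:03 host groupadd[1510]: new group: name=docker, GID=999' \
  > "$LOGDIR/auth.log.1"
printf '%s\n' \
  'Apr 20 23:59:59 host groupadd[900]: new group: name=audit, GID=998' \
  | gzip > "$LOGDIR/auth.log.2.gz"

# Count lines matching PATTERN across every rotation of a log file.
# zgrep decompresses .gz inputs and passes plain files through, so one
# invocation covers auth.log, auth.log.1 and auth.log.2.gz.
# -h drops the "filename:" prefix so only log lines are printed.
count_across_rotations() {
  pattern="$1"; base="$2"
  zgrep -h "$pattern" "$base" "$base".[0-9]* 2>/dev/null | wc -l | tr -d ' '
}

# The same search restricted to the live file: everything that has already
# been rotated is invisible to a plain 'grep groupadd /var/log/auth.log'.
count_live_only() {
  pattern="$1"; base="$2"
  grep -c "$pattern" "$base"
}

echo "groupadd events, live file only: $(count_live_only groupadd "$LOGDIR/auth.log")"
echo "groupadd events, all rotations:  $(count_across_rotations groupadd "$LOGDIR/auth.log")"
echo "failed passwords, all rotations: $(count_across_rotations 'Failed password' "$LOGDIR/auth.log")"
```

Where zgrep is not installed, `zcat -f` will decompress .gz files and copy plain files through unchanged, so `zcat -f auth.log auth.log.[0-9]* | grep PATTERN` gives the same result.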

Making sense of Logs

The first question for a new Linux user coming from a Windows background is: how do I make sense of all these logs? How can I search the log files for specific types of alerts?

Linux, with its very modular nature, leaves as much configuration as possible to the user. Most traditional logs (syslog, auth.log, kern.log, web server access logs) are stored as plain text, so users have complete control over how they are processed and interpreted, and any text tool can search them. A few are not: the login records in wtmp, btmp and lastlog are binary and are read with last, lastb and lastlog, and on systemd-based distributions the journal is binary and is queried with journalctl. For the plain-text files there are a myriad of search tools and scripts. Using one of the “Linux Powerhouse Programs”, grep, we can refine our logs.

For example, let’s say we want to analyze auth.log and show only group creations, the records written by the groupadd command:

sudo grep groupadd /var/log/auth.log

This searches the file for every line that contains the keyword ‘groupadd’. There is no need to pipe cat into grep; grep takes the file name directly. sudo is needed because auth.log is normally readable only by root and the adm group (on Red Hat family systems the equivalent file is /var/log/secure). Note that this pattern catches group creation only; adding an existing user to a group is logged by usermod or gpasswd, so those need their own patterns.

Of course, grep supports regular expressions as well. This command will display only alerts that occurred on May 3rd:
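
The grep commands below are an added example, not the article’s own. They run against a constructed auth.log written to a temporary file, with made-up hostnames, users and addresses. They show the regular-expression date filter described above and the one detail that trips people up: classic syslog timestamps pad single-digit days with a space, so the 3rd of May appears as ‘May  3’ (two spaces), and a pattern with one space silently matches May 30 instead. The last function also tightens the earlier groupadd search to the process tag, so a sudo line that merely mentions groupadd in its command is not counted.

```shell
#!/bin/sh
# Added example, not from the original article. The log lines are
# constructed for the demonstration, not real /var/log data.

LOG="$(mktemp)"
printf '%s\n' \
  'May  3 09:15:02 host sshd[1201]: Accepted password for bob from 10.0.0.7 port 40110 ssh2' \
  'May  3 09:16:40 host sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/sbin/groupadd ops' \
  'May  3 09:16:40 host groupadd[1210]: new group: name=ops, GID=1006' \
  'May 13 11:00:00 host sshd[1300]: Failed password for root from 198.51.100.23 port 3344 ssh2' \
  'May 30 17:45:12 host groupadd[1400]: new group: name=backup, GID=1007' \
  'Apr  3 08:00:00 host sshd[1100]: Accepted publickey for alice from 10.0.0.5 port 50222 ssh2' \
  > "$LOG"

# Naive pattern: 'May 3' with a single space. Syslog right-aligns the day in
# a two-character field, so the real May 3rd lines read 'May  3' and do not
# match; the only hit is the substring of 'May 30'.
count_naive() { grep -c 'May 3' "$1"; }

# Anchored pattern: start of line, month, the space-padded day, then the
# space before the time. The ^ anchor keeps a date mentioned inside a
# message body from matching.
count_may3() { grep -c '^May  3 ' "$1"; }

# Tolerant form with an extended regex: one or more spaces, so it also
# accepts log sources that do not pad the day.
count_may3_tolerant() { grep -Ec '^May +3 ' "$1"; }

# Combine the date filter with an event filter: groupadd's own records on
# May 3rd. Matching the process tag 'groupadd[' excludes the sudo line that
# only names groupadd in its COMMAND= field.
groupadd_on_may3() { grep '^May  3 ' "$1" | grep -c 'groupadd\['; }

echo "naive 'May 3' matches:       $(count_naive "$LOG")"          # 1 (the May 30 line)
echo "anchored '^May  3 ' matches: $(count_may3 "$LOG")"           # 3
echo "tolerant '^May +3 ' matches: $(count_may3_tolerant "$LOG")"  # 3
echo "groupadd events on May 3rd:  $(groupadd_on_may3 "$LOG")"     # 1
```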

Viewing Logs in a GUI

Although it is easy to use, this GUI is not incredibly useful. It will serve as a quick GUI log viewer, but it won’t be nearly as useful as learning how to use the command line search tools to analyze your log files.

Logs Don’t Have to be Boring

Logs don’t have to be boring all the time. Logstalgia is a web stats junkie’s dream come true: it replays your Apache access logs in a real-time visualizer.